A new system recovery offering from former IBM division and current managed infrastructure service provider Kyndryl incorporates air-gapped data vaulting technology from Dell for faster recovery from major cyber security incidents like ransomware attacks.
The Cyber Incident Recovery service is a four-part system, according to Kyndryl global security and resiliency practice leader Kris Lovejoy.
Kyndryl provides an orchestration tool that offers users a way to respond programmatically and immediately to a cyber security event, an analytics tool that uses machine learning to do regular integrity checking on system configuration data (ensuring that it hasn't been compromised by bad actors), and the company's own in-house expertise in deployment and configuration of large-scale, enterprise systems.
The fourth part is the newly added Dell cyber vaulting capability, which provides an air-gapped repository of known-good configuration and backup data for speedy recovery in the event of a major system compromise.
Lovejoy said that the idea behind the newly buttressed partnership is to address a logical gap between cyber security and disaster recovery/business continuity, particularly where ransomware is concerned.
"This is a practical problem that the market faces, that we've been focused on for a long time," she said. "Ransomware is creating a new recognition that there are gaps in our organisational structures."
That gap creates a serious issue in cases where a business has to recover from a ransomware attack — recovering newly wiped systems requires clean back-ups and configuration data, neither of which is a given in the wake of ransomware.
"Imagine your entire infrastructure has been locked up — an incident response provider helps you contain the event and then the question is ‘how do you bring it back?'" Lovejoy said. "You have to assume you have [usable] storage, you have to assume you have a [usable] system configuration, and that's frequently not accurate."
Moreover, the process of recreating clean configurations and recovering backup data from deep storage is often sufficiently time-consuming that it can be more cost-efficient to simply pay the ransom, instead.
By integrating Dell's cyber vaulting capability, then, Kyndryl is hoping to eliminate a key variable that can cost valuable back-up time and effort, and — ideally — make it much more attractive to recover organically, instead of paying off cyber criminals.
"This kind of technology ensures that, if there's been a ransomware event, that the company has a backup that can be activated in an automated fashion," Lovejoy said.